Anyone with an eBay account is strongly encouraged to change their password as soon as possible.
Oddly, when I logged into my eBay account to change my password a few hours ago, there was no mention of this breach or any warning about changing passwords. The only announcement of the breach from eBay seems to be this blog post on ebayinc.com. Ars Technica has more information about this unfortunate lapse on the part of eBay.
Update 2014May25: Lost in all the concern about password changes is the fact that even if none of the stolen encrypted passwords are cracked, the other – unencrypted – information stolen (including eBay customer names, email addresses, physical addresses, phone numbers and dates of birth) will be very useful for anyone involved in credit card fraud and phishing efforts. And there’s not much you can do about that.
Like Flash, Shockwave is a media platform, and Shockwave media is most commonly found on the web. The two platforms do many of the same things, but the software for creating Shockwave media is both more powerful and more expensive. Flash media is much more common.
In any case, since Shockwave is a target, and since the Shockwave player is commonly installed on the computers of regular users (usually in the form of a browser plugin), I’m adding it to the Software Versions page on this web site.
Update 2014May22:Now comes word that Shockwave contains a version of the Flash player that is over a year out of date. None of the security updates and features added to Flash in the past fifteen months are present in Shockwave’s bundled Flash. Because of this, we recommend disabling Shockwave in your web browser immediately.
As the popularity of software and platforms ebbs and flows, so do the targets of malicious hackers. In the past few years, Java and Flash were the most notable targets.
The latest version of the Webkit-based Opera browser contains several fixes for stability issues. There are apparently no security-related fixes in this version.
Yesterday, Google announced the latest new version of its web browser. Chrome 34.0.1847.137 includes fixes for three security vulnerabilities, as well as the latest version of the embedded Flash viewer.
Adobe has settled into a routine of publishing updates for its software on the second Tuesday on each month, in line with Microsoft’s practices. Today Adobe announced updates for Flash and Reader/Acrobat.
Both the Flash bulletin and the Reader/Acrobat bulletin are a bit light on details, saying only that the updates address critical vulnerabilities in the software.
The release notes for the new version (13.0.0.214) of Flash go into more details, although most of the information is about new features.
As usual, Google Chrome and Internet Explorer on Windows 8.x will be updated automatically and via Windows Update, respectively.
On May 9, a new version of Firefox was released by Mozilla. Since version 29.0.1 is considered a minor (‘dot’) release, there was no formal announcement.
The release notes provide some clues as to the changes in 29.0.1. A few minor bugs were fixed, but none of them appear to be security-related. The colour of unselected tabs was changed to make them more visible than they are in Firefox 29.
boot13